Check an IP Address, Domain Name, Subnet, or ASN

134.209.115.166 was found in our database!

$ whois 134.209.115.166

country·🇺🇸 United States

city·North Bergen

isp·DigitalOcean, LLC

asn·AS14061

network·Standard

$ sikker risk 134.209.115.166scoring →

confidence

73%High

first_seen·Mar 2, 2026

last_seen·1m ago

sessions·101

events·101

$ sikker protocols 134.209.115.166

MONGODB

80 / 80

HTTPS

7 / 7

SSH

6 / 6

HTTP

4 / 4

RDP

3 / 3

FTP

1 / 1

$ sikker summary 134.209.115.166

134.209.115.166 has a threat confidence score of 73%. This IP address from United States (AS14061, DigitalOcean, LLC) has been observed in 101 honeypot sessions targeting MONGODB, HTTPS, SSH, HTTP, RDP and 1 other protocols. First observed on March 2, 2026, most recently active March 26, 2026.

$ sikker behaviors 134.209.115.166catalog →

mediumRdp Nla Ntlm Authentication Attempt1x

Identifies RDP clients attempting authentication using Network Level Authentication (NLA) with the NTLM challenge-response protocol. This occurs during the CredSSP negotiation phase before a remote desktop session is established and indicates an active credential authentication attempt against the RDP service

infoHttp Root Path Request1x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

infoHttps Root Path Request1x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

$ sikker primitives 134.209.115.166

ftp_set_ascii_mode8 ftp_enter_passive_mode8 http_method_get3 https_path_root2 ftp_user_probe1 rdp_nla_ntlm_auth1 ftp_list_directory1 ftp_password_attempt1

$ sikker related 134.209.115.166

🇺🇸·More threats fromUnited States→AS·More threats fromDigitalOcean, LLC→MONG·More threats targetingMONGODB→HTTP·More threats targetingHTTPS→SSH·More threats targetingSSH→HTTP·More threats targetingHTTP→RDP·More threats targetingRDP→FTP·More threats targetingFTP→{ }·Browse allAttack Patterns→

Report IP WHOIS Lookup →

IP Address	Confidence	Events
143.198.64.227	38%	20
165.22.218.119	79%	10,271
206.189.84.29	78%	243
206.189.58.8	100%	381
68.183.239.46	84%	494

IP Address	Confidence	Events
92.118.39.63	100%	58,471
198.235.24.29	85%	166
143.198.64.227	38%	20
198.143.149.250	96%	13,665
208.3.195.65	100%	102,691